Huawei Honor 6/Honor 6 Plus/Honor 7 up to 6.9.15 PXN Defense 7pk security

A vulnerability was found in Huawei Honor 6, Honor 6 Plus and Honor 7 up to 6.9.15. It has been rated as critical. Affected by this issue is some unknown functionality of the component PXN Defense. The manipulation leads to 7pk security features. Using CWE to declare the problem leads to CWE-254. The bug was discovered 10/26/2016. The weakness was released 04/02/2017 as sa-20161026-01 (Website). The advisory is available at huawei.com. This vulnerability is handled as CVE-2016-8768. An attack has to be approached locally. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1211 by the MITRE ATT&CK project. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 158 days. As 0-day the estimated underground price was around $5k-$25k. Upgrading to version 6.9.16 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 93885).

Field04/03/2017 09:04 AM08/25/2020 09:11 AM11/24/2022 02:37 PM
vendorHuaweiHuaweiHuawei
nameHonor 6/Honor 6 Plus/Honor 7Honor 6/Honor 6 Plus/Honor 7Honor 6/Honor 6 Plus/Honor 7
version<=6.9.15<=6.9.15<=6.9.15
componentPXN DefensePXN DefensePXN Defense
cwe254 (7pk security)254 (7pk security)254 (7pk security)
risk222
historic000
cvss2_vuldb_basescore6.86.86.8
cvss2_vuldb_tempscore5.95.95.9
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore6.56.56.5
cvss3_meta_tempscore6.36.36.4
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.15.15.1
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
upgrade_version6.9.166.9.166.9.16
cveCVE-2016-8768CVE-2016-8768CVE-2016-8768
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryHuawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.
securityfocus938859388593885
securityfocus_titleMultiple Huawei Products CVE-2016-8768 Local Privilege EscalationMultiple Huawei Products CVE-2016-8768 Local Privilege EscalationMultiple Huawei Products CVE-2016-8768 Local Privilege Escalation
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
0day_days158158158
cvss3_nvd_basescore7.87.87.8
discoverydate14774400001477440000
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en
osvdb_titleCVE-2016-8768 - Huawei - Honor 6 Firmware - HighCVE-2016-8768 - Huawei - Honor 6 Firmware - High
securityfocus_date1477440000 (10/26/2016)1477440000 (10/26/2016)
securityfocus_classDesign ErrorDesign Error
identifiersa-20161026-01
cvss2_nvd_basescore9.3

Want to stay up to date on a daily basis?

Enable the mail alert feature now!